9027 matches found

CVE
•added 2009/07/29 5:0 p.m.•207 views

CVE-2009-2493

CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...

CVSS 9.3 • AI score 7.2 • EPSS 0.43389
Exploits 1 • References 36 • Affected Software 1
Tenable Nessus
•added 2009/07/21 12:0 a.m.•18 views

openSUSE Security Update : libopensc2 (libopensc2-186)

This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235). NOTE: Already initialized cards are still vulnerable after this update...

CVSS 4.9 • AI score 7.2 • EPSS 0.00393
Exploits 1 • References 3
Prion
•added 2009/06/10 6:30 p.m.•16 views

Memory corruption

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which...

CVSS 9.3 • AI score 8 • EPSS 0.33941
Exploits 1 • References 8 • Affected Software 1
Prion
•added 2009/06/10 6:0 p.m.•15 views

Hardcoded credentials

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document...

CVSS 9.3 • AI score 7.8 • EPSS 0.06685
Exploits 2 • References 17 • Affected Software 1
NVD
•added 2009/06/10 6:0 p.m.•23 views

CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

CVSS 9.3 • AI score 7.4 • EPSS 0.08462
Exploits 2 • References 34
CVE
•added 2009/06/10 5:37 p.m.•81 views

CVE-2009-1711

CVE-2009-1711 affects WebKit-based components (notably in Apple Safari before 4.0) where WebKit’s Attr DOM memory is not properly initialized. This can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that exercises Attr DOM memory handling...

CVSS 9.3 • AI score 7.7 • EPSS 0.06685
Exploits 2 • References 17 • Affected Software 1
Cvelist
•added 2009/06/10 5:37 p.m.•26 views

CVE-2009-1711

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document...

AI score 7.9 • EPSS 0.06685
Exploits 2 • References 17
Debian CVE
•added 2009/06/10 5:37 p.m.•15 views

CVE-2009-1711

Removed by vendor...

CVSS 9.3 • AI score 6.6 • EPSS 0.06685
Exploits 2
OSV
•added 2009/06/09 5:30 p.m.•5 views

CVE-2009-0949

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags...

CVSS 7.5 • AI score 7.3
Exploits 0 • References 25
OSV
•added 2009/06/09 5:30 p.m.•1 views

DEBIAN-CVE-2009-0949

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags...

CVSS 7.5 • AI score 5.8 • EPSS 0.19633
Exploits 3 • References 1
RedHat Linux
•added 2009/06/03 3:34 p.m.•11 views

cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags...

CVSS 7.5 • AI score 6.7 • EPSS 0.19633
Exploits 3 • References 4
RedHat Linux
•added 2009/05/18 8:28 p.m.•5 views

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

CVSS 5 • AI score 6.1 • EPSS 0.0389
Exploits 0 • References 4
Tenable Nessus
•added 2009/05/14 12:0 a.m.•26 views

MDVA-2009:061 : portreserve

In some cases, CUPS in Mandriva Linux 2009 would start but be unavailable, due to the possibility that the 'portreserve' service was started at the wrong time, thus being unable to do its job. This update fixes that, by making sure portreserve starts at the right time during system initialization...

AI score 7
Exploits 0 • References 1
RedHat Linux
•added 2009/04/30 9:22 p.m.•57 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 4 • AI score 6 • EPSS 0.00701
Exploits 3 • References 15
Cvelist
•added 2009/04/27 5:43 p.m.•28 views

CVE-2009-1436

The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file...

AI score 5.7 • EPSS 0.00892
Exploits 1 • References 6
Tenable Nessus
•added 2009/04/23 12:0 a.m.•10 views

MDKA-2007:031 : initscripts

The initscripts package would make the network initialization wait uselessly when there was no link on an interface. It would also display warnings in the IPv6 scripts. This package corrects both problems. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch i...

AI score 0.3
Exploits 0 • References 1
Tenable Nessus
•added 2009/04/23 12:0 a.m.•12 views

MDVA-2008:168 : sound-scripts

The sound initialization scripts provided with Mandriva Linux 2009 activate the Analog Loopback channel when it is present. This channel is present on most audio chipsets supported by the snd-hda-intel driver, which are commonly used on recent systems. When active, this channel plays back the sou...

AI score 7
Exploits 0 • References 1
Tenable Nessus
•added 2009/04/23 12:0 a.m.•22 views

FreeBSD : Samba 3.0.x password initialization bug (3388eff9-5d6e-11d8-80e3-0020ed76ef5a)

From the Samba 3.0.2 release notes : Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. %NASLMINLEVEL 70300...

CVSS 7.5 • AI score 8 • EPSS 0.03497
Exploits 0 • References 3
Snyk
•added 2009/04/09 12:30 a.m.•1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that trigger...

CVSS 4.3 • AI score 6.7 • EPSS 0.02773
Exploits 1 • References 2
OpenVAS
•added 2009/04/09 12:0 a.m.•16 views

Mandriva Update for sound-scripts MDVA-2008:168 (sound-scripts)

Check for the Version of sound-scripts. OpenVAS Vulnerability Test: Mandriva Update for sound-scripts MDVA-2008:168 (sound-scripts). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...

Exploits 0 • References 2